I found some wierd things in the mod_security log.
Apparently, mod_security is causing the malfunction.
I'll disable it and check the rulesets.

there are still some topics I'd like to discuss with ISPConfig pros:

* location of www*
Thanks for the hint about the link to /home, but I wonder what will happen when /var is full ?
Will the link from /var to /home still work if /var is full?
(I want the websites to work, even when a bug caused my logs to explode).

* /tmp *
I mounted /tmp with noexec, nosuid to further secure my setup, but I see the upload tmp is set separately for each web under var/www/client1/web1/tmp or something like that.
Is it safe to assume I just need to change the vhost template and set it there to /tmp ?
Is that even useful? Will it be more secure?

* mod_dosevasive *
I have mod_dosevasive installed on my other box.
After some years I still can't say if it is useful or not?
What's your opinion?

* RAID and mdadm *
I've got hardware RAID on the box (RAID 1 with two hot swap HDD), and there is only one HDD showing up in the operating system.
ISPConfig says RAID status can't be shown because mdadm is not installed.
Should I install mdadm? Is it useful with hardware RAID?